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^TTmETHOD AND A DEVTCEFOR ENCRYPTION OF IMAGES 
(57) Abstract 



In a method and a de- 
vice for partial encryption and 
progressive transmission of im- 
ages, a first section of the im- 
age file is compressed at reduced 
Quality without decryption, and 
a second section of the image 
file is encrypted. Users having 
access to appropriate decryption 
keywords can decrypt this sec- 
ond section. The first s«*on 
together with the decrypted sec- 
ond section can then be viewed 
as a full quality image. The stor- 
age space required for storing the 
first and section together is es- 
sentially the same as die stor- 
age space required for storing 
the unencrypted full quahry rm- 
aee By using the method and 
device as described herein stor- 
age and bandwidth requirements 
for partially encrypted images* 
reduced. Furthermore, object 
based composition and process- 
ing of encrypted objects are fa 
cilitated. and ROIs can be cn- 
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reduced. Furtnermorc. 
based composition and process- 
ing of encrypted objects are fa- MMnvntcd and restored in the compressed domain. 
AltK o-Toi can be encrypted and the origina, object can be decypted and res 
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A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES 
TECHNICAL FIELD 

The present invention relates to a method and a device for 
encrypting images. 

BACKGROUND OF THE INVENTION AND PRIOR ART 

Encryption of digital data is a technical field which becomes 
important when transmitting and storing secret information or 
information which only shall be available to a user paying for 
the information. Thus, several methods for encrypting digital 
data are in frequent use. Such methods can also be applied also 
to digital image data. Examples of encryption methods are DES, 
triple DES and the public-key RSA method. 

Digital images can be stored on servers and distributed over a 
telecommunication network as digital image data. Images can also 
be distributed using a physical storage medium such as a CD-ROM. 
Service providers need to establish access control that suits 
their Lsiness model. In this context it might be suitable to 
offer partial access to one set of users and full access to 
another set of users. Thus, some of the ^^-;^ 11 b ; ccesg 
encrypted in order to prevent all users from having full 
to all image data. 

offered for sale on the Internet. 

ETof tl i^ge with reduced quality for eva nation^ ■ 
journals, that want to publish an image, pay for the 
are then allowed to download a full quality image. 

such a service provider wants to minimize storage space 
However, such a service y m<i _ hr alternatively 

-, a v^t- rates An image provider might altem* 
and download bit rates. An g V ^ given 

^t to distribute images on e.g. a CD ROM^ ^ & 

i j frir = low price. Customers can view cue a 
away or sold for a low pric viewing them at full 

reduced quality, but they must pay for v.wrog 
quality. In the case the image provider wants to 
space on the CD-ROM as efficiently as possible. 
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It is also essential that customers always can access images 
using user friendly, standardised software. Image providers are 
reluctant to design and support special image viewers and 
customers don't want a proliferation of viewing tools. 

Presently, image providers have to store two versions of the 
images stored. The full quality version is stored as an 
encrypted image file. This means that the image first is 
compressed and stored in a compressed file format such as JPEG 
or GIF. The compressed file is then encrypted using a suitable 
encryption tool and an encrypted image file is stored. The user 
must first decrypt this file and then access the resulting 
compressed image file using an image viewing tool. Reduced 
quality images are produced by processing the full quality 
images in an image editing program. They are stored as separate 
compressed image files. 

The problems with this solution are that at least two <"•«««" 
versions o£ the same image need to be stored, and that both 
versions must also be transmitted over the networh 1> case of 
remote access in the case a customer first wants to see the free 
Z resolution image before paying for the full resolut.cn 
version. 

This results in a significant disadvantage if the reduced 
version image contains a ^J^Z^T^s would 
information. Images that are offeree quality 
in particular be provided for J^^^^JSng of 
since journal editors want to have a detailed ^ de * s J 
The image content and accepts only the ^^.J^ the 
printing. The reduced quality image could requxre 
storage space of the full quality image. 

^rthermore, the emerging still image <^<^™™' 

■w * -ir, rha-rilaos Christopoulos (eel.), 
which is described in Chariiaos 

Verification -el ^llTmage coding 

^^ZTJZTZ Particular. -K-^^ 
wide range of progressive image formats. Each a PP 
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can select a suitable progression mode. Individual objects 
within images can be accessed separately in the JPEG 2000 
bitstream and progressive transmission can be applied also to 
objects, in JPEG 2000 there is also support for independently 
decodable coding units. 

SUMMARY 

It is an object of the present invention to overcome the 
problems as outlined above and in particular to reduce the 
amount of memory required for storing an image, which partially 
shall be possible to view, and also to reduce transmission tune 
in a transmission scheme transmitting partially encrypted 
images. 

This object and others are obtained by a technique for partial 
encryption and progressive transmission of images where a first 
section of the image file can be decompressed at reduced quality 
without decryption, i.e. the first low quality image is not 
encrypted, and where a second section of the image file is 
encrypted- 

Itos . users havin 9 access to ^^^^Z Z 

decrypt this second section. The first section g 

decrypted second section can then be viewed as a ful quality 

The storage space required for storing the first and 
s^tionTogetLr is essential* the sa,e as the storage space 
Required for storing the unencrypted full 
encryption of the second section .nay. depending - the 
encryption method, imply a slight expansion of the 
section compared to the unencrypted second section. 

, k» partitioned into multiple sections where 
Th e image can also „ individual encryption 

An important element of the metnoa an f 

SSrr^T^ii operations in the compressed 
domain without performing entropy decoding. 
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A reduced quality image can be produced according to several 
different main schemes, such as: 

1) Reduced resolution 

2) Reduced accuracy of the transform coefficients. 

3) Exclusion of predefined regions of interest (ROD 

These methods can be combined so that a reduced quality image is 
e.g. produced by reducing both the resolution and the accuracy 
of the transform coefficients. 

By using the method and device for storing and transmitting 
image data as described herein, several advantages are obtained. 
Thus, there is no need to store two different versions of an 
image if different users are to have access to different quality 
of the one and same image. Also, transmission times become much 
lower if the information content of the first, low resolution, 
image data can be reused when transmitting the higher resolution 
image data. 

BRIEF DESCRIPTOR OF THE DRAWINGS 

Th e present invention will now be described rn »=re detarl and 
with reference to the accompanying drawings, m whrch: 

Fig ! is a genera! view of the file structore of an image 
I Figs.\a and 2 b shows encryption of images coded according to 

the JPEG 2000 standard. carried out 

- Fig. 3 is a flow chart illustrating some steps came 

when encrypting an image. process. 
. Fig 4 is a diagram illustrating a client server p 

- Fig. 5 is a view of an encryption header 

DETAILED DESCRIPTION structure of an original, 

1, the section 101, wmcn i „^f ion and will therefore 

■; <= roded without encryption ana 
resolution image, is coaea 

be possible to decode by any receiver. 
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The section 103, which comprises data, which combined with the 
data of section 101, result in a medium resolution version of 
the Ugh resolution image, is encrypted using a first encryption 
method, and only receivers having access to the correct 
encryption key will be able to decode the data stored m the 
section 103 - 

The section 105, which comprises data, which combined with the 
data of section 101 and 103 results in a full resolution version 
of the high resolution image, is encrypted using a second 
encryption method, and only receivers having access to the 
encryption key will be able to decode the data stored in the 
section 105. 

Thus, decoding of the section 101 will result in a low 
resolution image version 107. Decryption 103 and decodmg of the 
section 103 will, combined with the image data tree, the section 
101 result in a medium resolution image 111. Decryption 113 and 
^cooing of the section 105 will, coined with the image data 
frof the sections 101 and 103 result in a full resolutron ^ 
115- 

Purthermore. implementation in ^ ^ 

BOX. see Charilaos Christopoulos (edj JPEG 2000 

Mod 1 Version 2.0, describes how each coding ™* «£^L 

20 00 bitstream can be inserted in the bitstream so that 

range of progressive modes can be supported. 

^ o n a codinq unit is a part of 
tt, tpeg 2000 verification model 2.0, a coaxny 
TheTtst am that encodes a specific bitplane of a given 
sland. in general, a ceding unit can he descried as any 
independently decodahle subset of rmage >£°™™^J e so 
mechanism for specifying the bitstream orde r is to 
called tags that specifies the next codrng unit it 
sufficient to specify the subband »«^^. header cn at 
Known, . several specific modes can bl „ that 

defines a default coding unit order thus savrng 
are needed for inserting explicit tags. 
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in Figs. 2a and 2b block diagrams describing how encryption can 
be implemented in the JPEG 2000 encoder and decoder 
respectively, are shown. 

Thus in Fig 2a a block diagram where encryption is performed 
after entropy coding in the encoder is shown. Coding units enter 
an entropy coding block 201. In the block 201 coding the coding 
units are entropy coded using some suitable entropy code. The 
output from the block 201 is fed to a selector which selects a 
suitable encryption method for each entropy coded coding unit. 
Some coding units can be selected to not be encrypted at all. 

in response to the selection made in the selector 203 the 
entropy coded coding units are encrypted in a block 205. The 
encrypted coding units together with the not encrypted codxng 
units then form a combined output data stream, which can be 
stored or transmitted. 

in Fig. 2b a decoder for decoding the bit stream generated by 
tL encoder in Fig. 2a is shown. Thus, first encrypted and not 
encrypted coding units enter the decoder via a selecto Ml. 
™selects a suitable decryption method for each entropy 
coded coding unit, or if the received coding unit rs not 
encrypted it is directly transmitted to a block 255. 

X. response to the selection made in the ^^f^ a 
e „«opy coded coding units are decry, ted^ n a bloc ^ _ 
suitable decryption algontbm Th ^ecryp 

then fed to the block 255. ^ the block 255 the decryption 
£ rom fed directly from the selector 251 and fr ^ 

olock 253 are entropy which is fed 

output data stress, corresponding to the data 
to the entropy coding block 201 in Fig. 2a. 

„• ,„<t in the transmission scheme as shown in the 
Each codxng unit in the t denCly encrypted block. 

Figs . 2a and 2b is separately with any user 

Bach coding unit can also be encryp ^ ^ 

rren^rd-ird^errthcryption methods. ,he 
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encryption method used can further be an encryption algorithm 
combined with a keyword or a method for generating keywords. 

Different encryption methods can in such an embodiment have 
identical algorithms but different keywords. Encryption Method 
Description (END) as shown in Figs. 2a and 2b is any global data 
such as session keywords or algorithm identifiers that is needed 
to specify the Encryption Method. Unit Encryption State (DBS) is 
a symbol that for each coding unit defines how it is encrypted. 

in Fig. 3, a flow chart illustrating different steps carried out 
when encrypting an image are shown. First, in a step 301, an 
image to be partially encrypted is received. The image received 
in step 301 is then coded using a coding algorithm generating 
independently decodable coding units, e.g. JPEG 2000, in a step 



303. 



»e*t in a step 30S. some of the coding unite of the image coded 
TsU 303 ere encrypted using see suitable encryption -ethod. 
^ch as DBS . The coding units that are chosen to be encrypted 
Z be set in accordance with user preferences. Thus a user can 
Chose to have coding units corresponding to KOls hrgher order 
hit-planes, etc, encrypted. Finally, the encrypted coding units 
^ Le coding units which are not encrypted are merged rnto 
single bit stream. 

• ( a flow ch art illustrating a client-server process, 
ITtran^tfing an i^age encoded —g to the .ethod a 
scribed in ^^^LV^^ then issne 

:°re™o:i:rth: z~ « - . — — - 



405. 



4 03 replies by transmitting the coding units of the 
The server 403 replies oy encrypted 
iHV age which are not encrypted, step 407. The not ™ 
coding units can be decoded by the iffia ge. 
access to a low resolution version or a part o t ^ 
BaS ed on this information ^ client may w ^ ^ ^ 
the image in a higher resolution or the full xm 
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client transmits a request to the server requesting such 
information, step 409. 

The server replies by sending a request to the client requesting 
the client to agree to the conditions for transmitting the 
higher resolution version of the image, step 411. If the client 
agrees via a message 413, e.g. comprising a card number or 
account number from which to bill the cost for the image, the 
server sends the encrypted coding units together with a key word 
by means of which the encrypted coding units can be decrypted, 
step 415. A secure method for key distribution should be used. 
Examples of such secure methods are described in W. Stallings 
"Data and computer Communications", p 635 -637, Prentice-Hall 
1997 fifth edition ISBN 0-13-571274-2. 

If the client already has access to the unencrypted and 
encrypted coding units, for example if he has purchased a CD-ROM 
with images coded as described herein. The scheme as described 
in conjunction can be modified so that no image data is 
transmitted. Instead the client only agrees to conditions set by 
the server in order to have access to the key word(s) which are 
required to decrypt the encrypted coding units of the CD-ROM. 

in the case when the method and device as described herein is 
used when encoding image according to the JPEG 2000 standard xt 
is advantageous if the JPEG 2000 standard does not 
encryption methods. An Encryption Header that is included xn the 
imagfheader or optionally an Encryption Tag that xs merged wxth 
the JPEG 2000 Tags can instead be used to specify how codxng 
units are decrypted. 

in such an embodiment the JPEG 2000 image header contains an 
Encryption Flag CEF) . EF is then set if any coding "*V» 
encr^ted. An Encryption Header (EH) should then be appended to 
the JPEG 2000 image header and encryption informatxon can 
optionally be merged into JPEG 2000 Tags. 

in Fig. 5 an encryption header is shown. The Encryption Header 
can in such an embodiment contain the following symbols. 

SUBSTITUTE SHEET (RULE 26) 
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1) Encryption Mode (EM) . A set of standard encryption modes are 
defined e.g. 

a) .One encryption method is used for all coding units 

b) Bitplanes of less significance than bitplane X are encrypted 

c) Subbands of higher resolution than Y are encrypted 

d) ROIs specified in are encrypted, etc. 

No encryption information need to included in the Tags if an EM 
is defined. 

2) Encryption Mode Parameters (EMP) . Parameters (X, Y, ...) that 
are used to define the Encryption Mode are set here. 

3) Number of encryption methods used. Several encryption methods 
can be used within the same image if e.g. different user groups 
should be allowed to see different image content. 

4) One Encryption Method Descriptor (BHD) for each encryption 
method. The EMD defines any data that is needed by the 
encryption/decryption module. The type of encryption algorxthm 
is defined. A typical use of EMD will be to include a keyword 
that is encrypted by a public key algorithm. The user supplxes a 
private key for decrypting the enclosed encrypted key. The 
decrypted key is used by a fast decryption algorithm to decrypt 
i.agfcoding units. The order of the EMDs allocates an number to 
each encryption method. This number is used in OES symbols. 

5) The bitstream must for each coding unit specify if it i- 

Irypted and if so by what method. This is done by settxng one 

Unit Encryption State (UBS) symbol per coding unit. These 

syra bols could either be collected in the encryption header or 

alTematively be distributed in ~ we 

taas If the DES information xs kept xn the encrypt 

tags. xj. l." ,. (ES) _ ES consxsts of 

define a header element - Encryptxon State (ES) 

a series of UES symbols that are listed in the same order as 

coding units appears in the bit stream. 

IP EF is set and the Encryption State is not given in the 

SUBSTITUTE SHEET (RULE 26) 



WO 00/31964 



10 



PCI7SE99/02106 



header. JPEG 2000 Tags can be expanded to contain Omt 
Encryption State (UES) symbols. UES defines which encryption 
method, if any. that is used for encrypting the next codrng 



unit . 



The transform coefficients belonging to a ROI can be handled as 
described above. They can be completely or partially encrypted 
by selecting appropriate coding units belonging to the KOI for 
encryption. 

The main problem is that the shape of the KOI might reveal the 
content. If the shapes are encrypted it is, however, drffrcult 
to show a reduced quality image since it is difficult to 
interpret the coded transform coefficients. 

This problem can be solved by defining a so called 
shape (c-shape) . Thus, the real shape of one or several ROIs are 
c^letely enclosed in the c-shape. The c shape is designed to 
not^eves! sensitive image content. A simple example of a 
shape is a bounding box. 

wot in the JPEG 2000 bit 

stream. The c-shape xs coa Verific ation Model 

Charilaos <*»*«^ £L** as described therein 

Version 2.0. According to the technxqu ^ 
this would result in that the shape xs defxned 



header . 



A mas, is created ^^^J^ZZZ-*** 
coefficients belongxng to the c snap ^ ^ 

using the method as described herexn. ^ jf 1 ^ shielded 
all coefficients belonging to any RQIs is thus 

by the c-shape are encrypted. The textur 
protected by encryption. 

The shape of the KOIs are ^^J^J^Z that 

w The encryption, header contcu-n» ^ 

encryptron header^ -he jyP h ^ c . shap e. 

Units encrypted KOI sh P uaencrypt ed background. The c- 

The decoder can now aew 
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shape can be displayed as a blank region. The original ROIs can 
be decoded if the keyword is known. This is done by ^™ fc "* 
the coefficients belonging to the c-shape. The shape of each ROI 
belonging to the c-shape is also decrypted. The bitstream can 
now be rearranged so that the c-shape is dropped and the 
original ROI data structures are restored. Note that thxs is 
done in the compressed domain. 

The mask that is used for encoding a ROI is not ~^ f f ^f 
in JPEG 2000. A mask that is sufficiently large so that the ROI 
is encoded lossless will often cover the whole lower subbands. A 
nu.sk that is not allowed to expand will lead to a lossy encodxng 
of the ROI. The masks belonging to different ROIs or to a ROI 
and the background can be designed to overlap. This means that 
some coefficients are encoded in more than one ROI Such 
overlap will lead to a reduced overall compressxon but the ROIs 
over j. f , ^ an ._ h _ fc __ v R0I can be accessed and decoded 

are more independent so that any kvjx 

with a good visual result. 

The partial encryption method for ROIs described here^ i. . not 
I «or,f of the choice of mask as long as the mask is selected 
dependent of the chox recons tructed from the 

so that the content of a ROI cannot building a 

content of any other R OI or ground. A ££Lo. 
^s* that hides the content of the ROI rs ^ 2.0. 

Christopoulos tad.). ^ 2000 Verification Model Vernon 

By using the method and device as described herein storage and 
By usxng « ^.rtiallv encrypted images is 

candwidth ^^ tS o '° r ec n^ d co.sposftion and processing of 
reduC ed ^the-re. * - _ ^ encrypted . 

encrypted ejects are f encrypted and the originaX 

^ - -c^and restore, in the co.resse. domain. 

• c encrvption does not need to be 

Another advantage is that encrypc g 
performed at the same time as encodxng the image. Th 
perform compressed domain (at the 

^rUr It is possihie to encode ~ 

.cryption. - -^/^TL^ Xn this case, 
transmittxng the xmage oy a v 
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karate which will be the case 
if the encryption increases the bxtrate. whxch bitrate 
if the encryption is placed in the TAGS , the increase in bxtrate 
is avoided and the encryption information is only added before 
transmitting it. 
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CLAIMS 

1. A method of partially encrypting image data comprising the 
steps of: 

_ coding the image data using an encoding algorithm generatxng 
independently decodable coding units, 

- encrypting at least one of the coding units, and 

- merging coding units which are not encrypted with coding units 
which are encrypted into a combined bitstream. 

2. A method according to claim 1, characterised in that the not 
encrypted coding units correspond to a low resolution version of 
the image data. 

3. a method according to any of claims 1-2, characterized in 
that different coding units are encrypted using different coding 
methods . 

4 A method according to any of claims 1 - 3 f characterized in 
that an encryption flag, which indicates if a coding unit is 
encrypted, is inserted in the bit stream. 

5. A method according to any of claims 1 - 4, when information 
corresponding to a Region of interest is enc ^ te ^ . s 

characterized in that the shape of the region of interest 
enclosed in a cloaking shape. 

e. A device for partial encryption of i»age data earache* 

Cleans for coding the image data according to an encoding 
slgorithm generating independently decodable coding ^ 

- leans connected to the coding Beans for encrypting at least 
one of the coding units, and with 

- means for merging ceding units which are not encrypted 
ooling units which are encrypted as a coined bitstream. 

7 . A device according to clai- 6, characterised by ^ ^ 
selecting the not encrypted coding units as units oorrespo 
low resolution version of the image data. 



to a 
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8. X device according to any of claims 6-7, characterised by 
-„ans f or- encryptin, different coding units using different 
coding methods. 

9 . & device according to any of claim, 6-8, characterised by 
Lens for inserting an encryption flag, wnieh indites if a 
coding unit is encrypted, in the bit stream. 

10 . > device according to any cf claims 6 - *. ^ by 
B eans for enclosing a region cf interest scape rn a cloaXmg 

shape. 
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